Re: Question about ipchains
> > It accepts all other traffic to non-privileged ports. i prefer to
> > allow traffic without the syn flag (not initiating a new connection)
> > only, not all misc traffic, it's more secure, the way to do it is
> > like:
> > ipchains -A input -s 0/0 -d 0/0 1024:65535 -p tcp ! -y -j ACCEPT
> > ipchains -A input -s 0/0 -d 0/0 1024:65535 -p udp ! -y -j ACCEPT
> >
>
> unfortuantly this breaks irc, ftp and many other things.
It's also an error. The -y option is only valid for tcp connections.
Since udp is a connectionless packet, that makes sense.
Reply to: